Results 1  10
of
170
Speed: Precise and efficient static estimation of program computational complexity
 In POPL’09
, 2009
"... This paper describes an interprocedural technique for computing symbolic bounds on the number of statements a procedure executes in terms of its scalar inputs and userdefined quantitative functions of input datastructures. Such computational complexity bounds for even simple programs are usually ..."
Abstract

Cited by 69 (6 self)
 Add to MetaCart
(Show Context)
This paper describes an interprocedural technique for computing symbolic bounds on the number of statements a procedure executes in terms of its scalar inputs and userdefined quantitative functions of input datastructures. Such computational complexity bounds for even simple programs are usually disjunctive, nonlinear, and involve numerical properties of heaps. We address the challenges of generating these bounds using two novel ideas. We introduce a proof methodology based on multiple counter instrumentation (each counter can be initialized and incremented at potentially multiple program locations) that allows a given linear invariant generation tool to compute linear bounds individually on these counter variables. The bounds on these counters are then composed together to generate total bounds that are nonlinear and disjunctive. We also give an algorithm for automating this proof
Mobile Resource Guarantees for Smart Devices
 Proceedings of CASSIS’04, LNCS
, 2005
"... Abstract. We present the Mobile Resource Guarantees framework: a system for ensuring that downloaded programs are free from runtime violations of resource bounds. Certificates are attached to code in the form of efficiently checkable proofs of resource bounds; in contrast to cryptographic certifica ..."
Abstract

Cited by 56 (6 self)
 Add to MetaCart
(Show Context)
Abstract. We present the Mobile Resource Guarantees framework: a system for ensuring that downloaded programs are free from runtime violations of resource bounds. Certificates are attached to code in the form of efficiently checkable proofs of resource bounds; in contrast to cryptographic certificates of code origin, these are independent of trust networks. A novel programming language with resource constraints encoded in function types is used to streamline the generation of proofs of resource usage. 1
Light types for polynomial time computation in lambdacalculus
 In Proceedings of the 19th IEEE Syposium on Logic in Computer Science
, 2004
"... We propose a new type system for lambdacalculus ensuring that welltyped programs can be executed in polynomial time: Dual light affine logic (DLAL). DLAL has a simple type language with a linear and an intuitionistic type arrow, and one modality. It corresponds to a fragment of Light affine logic ..."
Abstract

Cited by 44 (11 self)
 Add to MetaCart
(Show Context)
We propose a new type system for lambdacalculus ensuring that welltyped programs can be executed in polynomial time: Dual light affine logic (DLAL). DLAL has a simple type language with a linear and an intuitionistic type arrow, and one modality. It corresponds to a fragment of Light affine logic (LAL). We show that contrarily to LAL, DLAL ensures good properties on lambdaterms: subject reduction is satisfied and a welltyped term admits a polynomial bound on the reduction by any strategy. Finally we establish that as LAL, DLAL allows to represent all polytime functions. 1
Automatic Inference of Upper Bounds for Recurrence Relations in Cost Analysis
 In SAS, LNCS
"... Abstract. The classical approach to automatic cost analysis consists of two phases. Given a program and some measure of cost, we first produce recurrence relations (RRs) which capture the cost of our program in terms of the size of its input data. Second, we convert such RRs into closed form (i.e., ..."
Abstract

Cited by 43 (12 self)
 Add to MetaCart
(Show Context)
Abstract. The classical approach to automatic cost analysis consists of two phases. Given a program and some measure of cost, we first produce recurrence relations (RRs) which capture the cost of our program in terms of the size of its input data. Second, we convert such RRs into closed form (i.e., without recurrences). Whereas the first phase has received considerable attention, with a number of cost analyses available for a variety of programming languages, the second phase has received comparatively little attention. In this paper we first study the features of RRs generated by automatic cost analysis and discuss why existing computer algebra systems are not appropriate for automatically obtaining closed form solutions nor upper bounds of them. Then we present, to our knowledge, the first practical framework for the fully automatic generation of reasonably accurate upper bounds of RRs originating from cost analysis of a wide range of programs. It is based on the inference of ranking functions and loop invariants and on partial evaluation. 1
Multivariate Amortized Resource Analysis
, 2010
"... We study the problem of automatically analyzing the worstcase resource usage of procedures with several arguments. Existing automatic analyses based on amortization, or sized types bound the resource usage or result size of such a procedure by a sum of unary functions of the sizes of the arguments. ..."
Abstract

Cited by 43 (5 self)
 Add to MetaCart
(Show Context)
We study the problem of automatically analyzing the worstcase resource usage of procedures with several arguments. Existing automatic analyses based on amortization, or sized types bound the resource usage or result size of such a procedure by a sum of unary functions of the sizes of the arguments. In this paper we generalize this to arbitrary multivariate polynomial functions thus allowing bounds of the form mn which had to be grossly overestimated by m 2 + n 2 before. Our framework even encompasses bounds like ∑ i,j≤n mimj where the mi are the sizes of the entries of a list of length n. This allows us for the first time to derive useful resource bounds for operations on matrices that are represented as lists of lists and to considerably improve bounds on other superlinear operations on lists such as longest common subsequence and removal of duplicates from lists of lists. Furthermore, resource bounds are now closed under composition which improves accuracy of the analysis of composed programs when some or all of the components exhibit superlinear resource or size behavior. The analysis is based on a novel multivariate amortized resource analysis. We present it in form of a type system for a simple firstorder functional language with lists and trees, prove soundness, and describe automatic type inference based on linear programming. We have experimentally validated the automatic analysis on a wide range of examples from functional programming with lists and trees. The obtained bounds were compared with actual resource consumption. All bounds were asymptotically tight, and the constants were close or even identical to the optimal ones.
Memory Usage Verification for OO Programs
 In SAS 05
, 2005
"... Abstract. We present a new type system for an objectoriented (OO) language that characterizes the sizes of data structures and the amount of heap memory required to successfully execute methods that operate on these data structures. Key components of this type system include type assertions that us ..."
Abstract

Cited by 33 (3 self)
 Add to MetaCart
(Show Context)
Abstract. We present a new type system for an objectoriented (OO) language that characterizes the sizes of data structures and the amount of heap memory required to successfully execute methods that operate on these data structures. Key components of this type system include type assertions that use symbolic Presburger arithmetic expressions to capture data structure sizes, the effect of methods on the data structures that they manipulate, and the amount of memory that methods allocate and deallocate. For each method, we conservatively capture the amount of memory required to execute the method as a function of the sizes of the method’s inputs. The safety guarantee is that the method will never attempt to use more memory than its type expressions specify. We have implemented a type checker to verify memory usages of OO programs. Our experience is that the type system can precisely and effectively capture memory bounds for a wide range of programs. 1
TypeBased Amortised HeapSpace Analysis
 In ESOP 2006, LNCS 3924
, 2006
"... Abstract. We present a type system for a compiletime analysis of heapspace requirements of Java style objectoriented programs with explicit deallocation. Our system is based on an amortised complexity analysis: the data is arbitrarily assigned a potential related to its size and layout; allocation ..."
Abstract

Cited by 31 (10 self)
 Add to MetaCart
(Show Context)
Abstract. We present a type system for a compiletime analysis of heapspace requirements of Java style objectoriented programs with explicit deallocation. Our system is based on an amortised complexity analysis: the data is arbitrarily assigned a potential related to its size and layout; allocations must be ”payed for ” from this potential. The potential of each input then furnishes an upper bound on the heap space usage for the computation on this input. We successfully treat inheritance, downcast, update and aliasing. Example applications for the analysis include destinationpassing style and doublylinked lists. Type inference is explicitly not included; the contribution lies in the system elides most technical lemmas and proofs, even nontrivial ones, due to space limitations. A full version is available at the authors ’ web pages. 1
Grail: A Functional Form for Imperative Mobile Code
, 2003
"... In Robert Louis Stevenson's novel [31], Dr Jekyll is a wellregarded member of polite society, while his alter ego Mr Hyde shares the same physical form but roams abroad communing with the lowest elements. In this paper we present Grail, a wellbehaved firstorder functional language that is th ..."
Abstract

Cited by 29 (13 self)
 Add to MetaCart
In Robert Louis Stevenson's novel [31], Dr Jekyll is a wellregarded member of polite society, while his alter ego Mr Hyde shares the same physical form but roams abroad communing with the lowest elements. In this paper we present Grail, a wellbehaved firstorder functional language that is the target for an MLlike compiler; while also being a wholly imperative language of assignments that travels and executes as Java classfiles. We use this dual identity in the Mobile Resource Guarantees project, where Grail serves as proofcarrying code to provide assurances of time and space performance, thereby supporting secure and reliable global computing.
Certified memory usage analysis
 In FM’05, number 3582 in LNCS
, 2005
"... Abstract. We present a certified algorithm for resource usage analysis, applicable to languages in the style of Java byte code. The algorithm verifies that a program executes in bounded memory. The algorithm is destined to be used in the development process of applets and for enhanced byte code veri ..."
Abstract

Cited by 28 (3 self)
 Add to MetaCart
(Show Context)
Abstract. We present a certified algorithm for resource usage analysis, applicable to languages in the style of Java byte code. The algorithm verifies that a program executes in bounded memory. The algorithm is destined to be used in the development process of applets and for enhanced byte code verification on embedded devices. We have therefore aimed at a lowcomplexity algorithm derived from a loop detection algorithm for control flow graphs. The expression of the algorithm as a constraintbased static analysis of the program over simple lattices provides a link with abstract interpretation that allows to state and prove formally the correctness of the analysis with interpretation framework implemented in the Coq proof assistant which has been used to provide a complete formalisation and formal verification of all correctness proofs.
Automatic Certification of Heap Consumption
 In LPAR’04, LNAI 3452
, 2005
"... Abstract. We present a program logic for verifying the heap consumption of lowlevel programs. The proof rules employ a uniform assertion format and have been derived from a general purpose program logic [1]. In a proofcarrying code scenario, the inference of invariants is delegated to the code pro ..."
Abstract

Cited by 28 (15 self)
 Add to MetaCart
(Show Context)
Abstract. We present a program logic for verifying the heap consumption of lowlevel programs. The proof rules employ a uniform assertion format and have been derived from a general purpose program logic [1]. In a proofcarrying code scenario, the inference of invariants is delegated to the code provider, who employs a certifying compiler that generates a certificate from program annotations and analysis. The granularity of the proof rules matches that of the linear type system presented in [6], which enables us to perform verification by replaying typing derivations in a theorem prover, given the specifications of individual methods. The resulting verification conditions are of limited complexity, and are automatically discharged. We also outline a proof system that relaxes the linearity restrictions and relates to the type system of usage aspects presented in [2]. 1